This report has been put together using CISA’s KEV Catalog and the month-on-month analysis that CSW’s researchers have delivered to our customers for the past year. Our researchers used the NVD, MITRE, and other repositories to map each vulnerability to Tactics, Techniques, and Procedures (TTPs) to understand the actual risk posed by these vulnerabilities. We cross-referenced the KEVs with our ransomware and threat groups’ database maintained in Securin Vulnerability Intelligence (VI) to provide additional threat context to the KEV Catalog. We have also used our proprietary threat intelligence platform (Securin VI) to predict and recommend vulnerabilities that need to be a part of the KEV Catalog.

Gurucul conducted a survey of attendees at the 2022 Black Hat USA security conference focused on the Security Operations Center (SOC). We asked security professionals who worked in the SOC about what they needed to be successful, the technologies and attacks they’re most focused on, and their plans for the SOC in the next year.

In our Security Report, we discuss a few more trends observed by cp throughout the year. The Russia-Ukraine war demonstrated how the traditional, kinetic, war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.

This AT&T Cybersecurity Insights report focuses on connecting and securing the entire edge computing ecosystem. This report presents a perspective that recognizes the essential characteristics of and key differences among edge architectures and provides a realistic picture of the state of edge.

This report, our third in an annual series, draws upon a comprehensive survey of corporate digital forensics & incident response (DFIR) professionals in North America (NA) and Europe, the Middle East, and Africa (EMEA), and aims to provide intelligence—with analysis, interpretation, and insights, rather than just data— tailored to the needs of enterprise decision-makers, particularly those involved with IT, cybersecurity, and governance.

The 2023 Cloud Security Report is a comprehensive study based on an extensive survey conducted among 351 cybersecurity professionals in the European Union (EU). By analyzing the latest trends in cloud adoption, identifying prevalent security challenges, and highlighting best practices, this report provides insights for organizations seeking to fortify their cloud environments.

In this report, the McAfee Labs team conducted an in-depth analysis and review of AI-cloning tools to evaluate the pervasiveness of the technology used in these scams and to discover how they could help consumers better protect themselves.

The Fortinet 2023 State of Operational Technology and Cybersecurity Report is our fifth annual study based on data from an in-depth worldwide survey of 570 OT professionals conducted by a respected third-party research company.

As health care delivery organizations have increased their reliance on health information technology, they have also increased their exposure to new cybersecurity risks, such as ransomware attacks.

This is the tenth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.

In our annual Threat Report, the Deepwatch Adversary Tactics and Intelligence (ATI) team provides data on the leading cybersecurity threats that SOC security analysts faced in 2022, and offers predictions of what teams will likely face in 2023. With analysis from ATI research and Deepwatch customer engagements, we review the types of volumes of threats, look at the challenges in visualization and identification, and consider what lingering or growing threats SOC teams should prioritize.

Attackers persistently adapted their email-based techniques throughout 2022, cycling through new and old tactics in the hopes of evading human and cyber security measures.

In this eBook, we will discuss the challenges of securing today’s rail networks in the face of increasingly frequent and severe cyber threats, the impact of intensifying regulatory requirements and the potential damage that malicious actors could leave behind. Finally, we will explore the most critical things to look for in a security solution for rail transportation networks.

CyberEdge’s annual Cyberthreat Defense Report (CDR) plays a unique role in the IT security industry. Other surveys do a great job of collecting statistic on cyberattacks and data breaches and exploring the techniques of cybercriminals and other bad actors. Our mission is to provide deep insight into the minds of IT security professionals.

In this report you’ll gain valuable insights into the current state of cyber resilience, understand the latest threats, trends, and best practices to protect your organization effectively. Discover proactive strategies and technological solutions to bolster your organization’s cyber defenses, mitigating risks and minimizing the financial impact of potential cyber attacks.

The research revealed that the rate of ransomware attacks has remained level, with 66% of respondents reporting that their organization was hit by ransomware in the previous year, the same as in our 2022 survey. With adversaries now able to consistently execute attacks at scale, ransomware is arguably the biggest cyber risk facing organizations today.

Our annual State of the Phish report explores end-user security awareness, resilience and risk across 15 countries (eight more than in previous years). The report benchmarks understanding of common cyber threats and defensive tactics and reveals how potential gaps in knowledge and cyber hygiene enable the real-world attack landscape. Most attacks target people before they target systems. That’s why helping users build sustainable security habits is crucial.

The April 2023 report details a continued rise in Russian state-sponsored threat actors, the shutdown of a widely used hacker marketplace, “shadow ban” attacks against Twitter users, and the emergence of several new high and critical vulnerabilities, including a zero-day exploit against Google Chrome. It also provides updates to the metrics and information on the most impactful vulnerabilities and malware strains in the wild today and includes information on some of the top phishing sites observed over the month.

The goal of this paper is to help decision-makers and entities who can protect systems from ransomware at scale, such as the security industry, governments, and policymakers, to form defensive strategies on how best to make an impact on the ransomware ecosystem. While this paper does not focus on hands-on technical defenses that an enterprise would look to for deployment, it does aim to provide decision-makers with methods for understanding the level of risk that an organization faces from this threat.

Our international survey explored the experience of ransomware attacks on organizations over the last 12 months. The findings show that almost three-quarters (73%) of respondents report being hit with at least one successful ransomware attack in 2022 — and 38% say they were hit twice or more.

The basis of this report is the Zscaler ThreatLabz research team’s analysis of nearly 6 billion data loss policy violations from November 2021 through July 2022. We’ll look at what and how enterprise data is being shared, where it’s going, which malicious actors are targeting it, and how you can improve your datasharing hygiene so as to mitigate risk without stifling productivity.